Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Weißer Bildschirm beim Start von Windows (https://www.trojaner-board.de/125183-weisser-bildschirm-beim-start-windows.html)

oktoberus 04.10.2012 21:59
Weißer Bildschirm beim Start von Windows
 
Hallo,
habe ein ähnliches Problem wie viele hier:
Wenn ich meinen Rechner einschalte wird mir kurz mein Desktop angezeigt und dann wird der Bildschirm weiß.
Ich habe OTL heruntergeladen und die Anweisungen befolgt.
Das kam dabei heraus:

OTL logfile created on: 04.10.2012 22:08:48 - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Ich\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 86,96% Memory free
5,99 Gb Paging File | 5,64 Gb Available in Paging File | 94,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 9,25 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive D: | 115,21 Gb Total Space | 14,60 Gb Free Space | 12,67% Space Free | Partition Type: NTFS

Computer Name: ICH-PC | User Name: Ich | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.04 22:04:38 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010.09.22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012.09.04 18:35:37 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012.08.30 19:37:24 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.27 13:01:14 | 000,096,768 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.06 15:30:55 | 000,109,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Online Visions\Payback-Reporting.exe -- (Payback-Reporting-Service)
SRV - [2012.01.06 15:30:54 | 000,186,992 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Online Visions\Payback-Updater.exe -- (Payback-Update-Service)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010.09.06 09:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Stopped] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ac1z13yu)
DRV - [2012.09.04 18:35:37 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012.09.04 18:35:37 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.09.04 18:35:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.09.04 18:35:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.08.30 19:37:27 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.04.04 17:16:26 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.01.09 18:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 18:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 18:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 18:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.06 09:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.11 08:58:10 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.11.09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 8B 2D 51 6A 10 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3500C0D2-7F31-45CB-915B-E0727474A2D7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=BC3D28E8-AFAF-47F4-9DE3-A8AE8404C946&apn_sauid=2F428194-EACF-4F02-9AE0-C0826BA1794B
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_deDE392
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A0CB15AC-5584-4A81-B2D3-5FCD0AB48B5D}&mid=856b82ee1bd047d189c2d15775b25127-2428c1d093d3f4e34cc114b5ace1ec9f7f2557da&lang=de&ds=AVG&pr=fr&d=2012-07-09 19:21:53&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ich\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ich\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ich\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ich\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Online Visions [2012.10.04 06:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.08.30 19:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.07.25 18:45:48 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ae622736-1b98-4ad6-b3af-0c6bc8c101cc&affid=111583&searchtype=hp&babsrc=lnkry
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Gacela Plugin (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\11.3.1046_0\plugin/npgacela.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: AT_GoodSmileCo = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecfjhbbloiepdanbklnmimlknahlfih\2\
CHR - Extension: YouTube = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Online Visions = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\11.3.1046_0\
CHR - Extension: Freemake Video Converter = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: AVG Secure Search = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O2 - BHO: (Online Visions) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [abhhylgabrgziyq] C:\ProgramData\abhhylga.exe ()
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012.07.09 18:33:16 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012.07.09 18:33:16 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012.07.09 18:33:16 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012.07.09 18:33:16 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.07.09 18:33:16 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.07.09 18:33:16 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012.07.09 18:33:16 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra 'Tools' menuitem : Über Online Visions - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D0E844-1964-404D-BA52-CD999D336008}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB50243-B638-45A9-B5D4-1792516E8D90}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{854F0031-1A32-4290-B035-7B5A8A59D2B8}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D7AF44-7327-4DAA-A4EC-2A6170BC3D44}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1B40336-ADB3-4086-AD5C-AB556DFE849B}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05aca2af-62a2-11df-b6b1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{05aca2af-62a2-11df-b6b1-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{782e8080-a89f-11df-b5df-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{782e8080-a89f-11df-b5df-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{782e808f-a89f-11df-b5df-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{782e808f-a89f-11df-b5df-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f57bebe-ed81-11df-a3db-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f57bebe-ed81-11df-a3db-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f57bec3-ed81-11df-a3db-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f57bec3-ed81-11df-a3db-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f923484-68d2-11df-bdb1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f923484-68d2-11df-bdb1-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f923495-68d2-11df-bdb1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f923495-68d2-11df-bdb1-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5684501-6b2f-11df-bc8a-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{c5684501-6b2f-11df-bc8a-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e5d3c911-6a75-11df-ba57-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{e5d3c911-6a75-11df-ba57-0016eab56a32}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.04 22:06:32 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2012.10.03 21:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\jevbqauabwpmrat
[2012.10.01 18:05:56 | 000,000,000 | ---D | C] -- C:\Users\Ich\Desktop\Unterlagen zum Lernen
[2012.09.30 17:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.23 16:43:15 | 000,000,000 | ---D | C] -- C:\Users\Ich\Desktop\Ebay Ira
[2012.09.10 22:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2012.10.04 22:07:16 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 22:07:16 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 22:07:16 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 22:07:16 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 22:04:38 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2012.10.04 21:44:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 21:44:43 | 2414,346,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 06:08:26 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.03 21:49:30 | 000,076,348 | ---- | M] () -- C:\ProgramData\iwfszhsnlfkzepp
[2012.10.03 21:49:23 | 000,105,984 | ---- | M] () -- C:\ProgramData\abhhylga.exe
[2012.10.03 21:49:23 | 000,105,984 | ---- | M] () -- C:\Users\Ich\0.8503512116502293.exe
[2012.10.03 21:21:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.03 20:36:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4042552619-893366859-1901273293-1000UA.job
[2012.10.03 20:23:01 | 096,372,992 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.10.03 09:20:26 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 09:20:26 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.02 21:36:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4042552619-893366859-1901273293-1000Core.job
[2012.09.30 21:40:23 | 000,380,216 | ---- | M] () -- C:\Users\Ich\Desktop\Weg_zur_Monatskarte_Azubi_08_2012.pdf
[2012.09.28 19:39:04 | 000,002,440 | ---- | M] () -- C:\Users\Ich\Desktop\Google Chrome.lnk
[2012.09.21 13:08:24 | 000,076,903 | ---- | M] () -- C:\Users\Ich\Desktop\IMG-20120921-WA0000.jpg
[2012.09.10 22:06:17 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.09.10 19:10:29 | 000,093,727 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2012.10.03 21:49:29 | 000,105,984 | ---- | C] () -- C:\ProgramData\abhhylga.exe
[2012.10.03 21:49:24 | 000,076,348 | ---- | C] () -- C:\ProgramData\iwfszhsnlfkzepp
[2012.10.03 21:49:20 | 000,105,984 | ---- | C] () -- C:\Users\Ich\0.8503512116502293.exe
[2012.09.30 21:40:22 | 000,380,216 | ---- | C] () -- C:\Users\Ich\Desktop\Weg_zur_Monatskarte_Azubi_08_2012.pdf
[2012.09.21 18:57:40 | 000,076,903 | ---- | C] () -- C:\Users\Ich\Desktop\IMG-20120921-WA0000.jpg
[2012.08.09 12:47:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\igqwoshnmwmqvue
[2012.07.31 11:05:45 | 000,000,051 | ---- | C] () -- C:\ProgramData\vsvdwzjlodqmkgx
[2012.06.15 22:49:04 | 000,000,052 | ---- | C] () -- C:\ProgramData\yqzxeuexiaxubth
[2012.06.03 12:18:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012.06.03 12:18:51 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.11.08 16:45:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.11.08 16:42:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.31 18:20:50 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.22 12:06:27 | 000,000,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\{BBB42AB2-427C-4ADC-A35A-DBAEDDC7DE55}
[2011.10.15 20:34:58 | 000,000,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\{088D925C-4F14-4F3B-A53C-F2CBEEA682CB}
[2011.10.15 19:19:25 | 000,003,584 | ---- | C] () -- C:\Users\Ich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.04 18:07:25 | 000,000,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\{7FE53C8D-660F-4CA8-82C4-C973F8367913}
[2011.08.31 20:04:46 | 000,000,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\{1CA07FB5-C79B-4356-9090-5D3F87E7F09F}
[2011.08.28 19:43:56 | 000,000,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\{D299E9BD-2E5A-494F-9ABD-13EC5F535993}
[2011.07.27 08:22:11 | 000,000,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\{CDF06C7B-3C33-4552-B212-35DD27644F13}
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.10.03 00:28:56 | 099,739,528 | ---- | C] () -- C:\Program Files\Virtual Pool 3 + Crack + Savegame + Manual & Info (English & Deutsch) The Most Perfect Billard & Snooker Game For PC.zip
[2010.08.09 19:58:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.29 19:10:41 | 000,022,328 | ---- | C] () -- C:\Users\Ich\AppData\Roaming\PnkBstrK.sys

========== ZeroAccess Check ==========

[2011.11.17 07:38:39 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\@
[2012.07.13 19:09:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L
[2012.09.28 18:44:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U
[2012.10.04 21:44:59 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L\00000004.@
[2012.07.06 18:28:05 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000004.@
[2012.07.08 13:07:25 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000008.@
[2012.07.07 11:02:12 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\000000cb.@
[2012.07.22 18:33:05 | 000,013,312 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\80000000.@
[2012.09.28 18:44:31 | 000,087,040 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\80000032.@
[2012.07.08 08:51:50 | 000,002,048 | -HS- | M] () -- C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\@
[2011.11.17 07:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L
[2011.11.17 07:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.04 21:44:56 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2011.12.08 00:48:44 | 000,010,908 | ---- | M] ()(C:\Users\Ich\Desktop\????? ???.docx) -- C:\Users\Ich\Desktop\фильм МЕЧ.docx
[2011.06.19 23:00:39 | 000,010,908 | ---- | C] ()(C:\Users\Ich\Desktop\????? ???.docx) -- C:\Users\Ich\Desktop\фильм МЕЧ.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Danach konnte ich den Rechner im normalen Modus wieder starten, vorher nur im abgesicherten.

Ich hoffe, das sind genug Informationen, damit mir jemand weiterhelfen kann.
Danke schon mal!!!

MfG

kira 05.10.2012 08:28
Hallo und Herzlich Willkommen! :)

Habe leider schlechte Nachricht für Dich, da hast Du Dir ein grausliches Tierchen eingefangenhttp://www.world-of-smilies.com/wos_sonstige/crying.gif:
Zitat:
win32.ZAccess
Empfiehlt sich hier das System nur mehr neu zu installieren (alle anderen Optionen sind Unsinn!), da die Bekämpfung diese Art der Infektion ohne div. Nebenwirkungen und hinterlassenen Schaden, die immer wieder [auf verschiedene Weise] Probleme bereiten können, ist nicht möglich!
- einen Backdoor mit Rootkitfunktionalität http://www.world-of-smilies.com/wos_sonstige/crying.gif

diese Malware verwendet Rootkit-Technologie und Backdoor-Routine
*was sind Backdoors und Rootkits*

Verhaltensweise:
"speicherresident"

Tipps & Rat: wenn Du deine Daten sichern möchtest:
- für eine reibungslose Abwicklung im Bereich Datensicherung, führe das folgende script mit OTL aus, außerdem das Tool TDSSKiller von Kaspersky und Malwarebytes laufen lassen:

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht! - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!) :
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ac1z13yu)
O4 - HKCU..\Run: [abhhylgabrgziyq] C:\ProgramData\abhhylga.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05aca2af-62a2-11df-b6b1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{05aca2af-62a2-11df-b6b1-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{782e8080-a89f-11df-b5df-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{782e8080-a89f-11df-b5df-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{782e808f-a89f-11df-b5df-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{782e808f-a89f-11df-b5df-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f57bebe-ed81-11df-a3db-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f57bebe-ed81-11df-a3db-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f57bec3-ed81-11df-a3db-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f57bec3-ed81-11df-a3db-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f923484-68d2-11df-bdb1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f923484-68d2-11df-bdb1-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9f923495-68d2-11df-bdb1-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{9f923495-68d2-11df-bdb1-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5684501-6b2f-11df-bc8a-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{c5684501-6b2f-11df-bc8a-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e5d3c911-6a75-11df-ba57-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{e5d3c911-6a75-11df-ba57-0016eab56a32}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\Shell - "" = AutoRun
O33 - MountPoints2\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.11.17 07:38:39 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\@
[2012.07.13 19:09:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L
[2012.09.28 18:44:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U
[2012.10.04 21:44:59 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L\00000004.@
[2012.07.06 18:28:05 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000004.@
[2012.07.08 13:07:25 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000008.@
[2012.07.07 11:02:12 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\000000cb.@
[2012.07.22 18:33:05 | 000,013,312 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\80000000.@
[2012.09.28 18:44:31 | 000,087,040 | ---- | M] () -- C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\80000032.@
[2012.07.08 08:51:50 | 000,002,048 | -HS- | M] () -- C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\@
[2011.11.17 07:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L
[2011.11.17 07:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.04 21:44:56 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:0B4227B4

:Files
C:\ProgramData\abhhylga.exe
C:\ProgramData\jevbqauabwpmrat
C:\ProgramData\iwfszhsnlfkzepp
C:\Users\Ich\0.8503512116502293.exe
C:\ProgramData\igqwoshnmwmqvue
C:\ProgramData\vsvdwzjlodqmkgx
C:\ProgramData\yqzxeuexiaxubth
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
Zitat:
Achtung Mitleser!:
Jedes einzelne OTL-Script wird individuell auf den Benutzer abgestimmt! Diese Anleitung gilt nur auf dem hier betroffenen Rechner. Anwendung bei anderen Maschinen oder Nutzung von "selbst erstellte Scriptkombination" kann zu ernsthaften Schäden führen!
2.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malwarevon hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

3.
TDSSKiller von Kaspersky
  • Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
  • Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
  • deaktiviere vorübergehend dein AntiVirus-Programm
  • Starte die TDSSKiller.exe durch Doppelklick.
  • Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
    Bestätige das ggfs. mit Y(es).
    Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
  • Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.
Hier findest Du eine ausführlichere Anleitung.

4.
Datensicherung:
► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!
- Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren!

5.
-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7

6.
- Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...:
- die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten

Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung
Absolut empfehlenswerter Scanner:
Zitat:
Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check
Die Online-Scanner sind alle reine On-Demand-Scanner. Sie durchsuchen einzelne Dateien oder Verzeichnisse, wahlweise die gesamte Festplatte, haben keinen Hintergrundwächter oder andere residente Prozesse. Dadurch verbrauchen sie ausser Festplattenspeicher keine Resourcen und man kann beliebig viele gleichzeitig installieren. Die Online-Scanner sind gut geeignet um sich eine zweite Meinung einzuholen.

7.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

gruß
kira

oktoberus 05.10.2012 15:23
Hallo Kira,

vielen lieben Dank für deine Antwort. Ich hatte es schon befürchtet, dass es so kommen wird. Ich werde deine Vorschläge befolgen, danke für die ausführliche Beschreibung. Hoffe, dass es klappen wird :)

MfG oktoberus

oktoberus 06.10.2012 17:50
Ich habe OTL jetzt nochmal laufen lassen mit dem neuen Code. Das kam dabei raus:

Code:

All processes killed
========== OTL ==========
Error: No service named ac1z13yu was found to stop!
Service\Driver key ac1z13yu not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\abhhylgabrgziyq not found.
File C:\ProgramData\abhhylga.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05aca2af-62a2-11df-b6b1-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05aca2af-62a2-11df-b6b1-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05aca2af-62a2-11df-b6b1-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05aca2af-62a2-11df-b6b1-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05aca2b3-62a2-11df-b6b1-0016eab56a32}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{393ffaad-62ab-11df-bdcf-001e3356b8d4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43cd82d9-f6a5-11e1-93c6-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43cd82e6-f6a5-11e1-93c6-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53edc2c0-f6b1-11e1-aba0-001e101f2b52}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53edc2f2-f6b1-11e1-aba0-001e101f2b52}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59d6d7ae-e2b8-11df-a843-001e3356b8d4}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{782e8080-a89f-11df-b5df-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{782e8080-a89f-11df-b5df-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{782e8080-a89f-11df-b5df-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{782e8080-a89f-11df-b5df-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{782e808f-a89f-11df-b5df-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{782e808f-a89f-11df-b5df-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{782e808f-a89f-11df-b5df-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{782e808f-a89f-11df-b5df-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f57bebe-ed81-11df-a3db-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f57bebe-ed81-11df-a3db-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f57bebe-ed81-11df-a3db-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f57bebe-ed81-11df-a3db-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f57bec3-ed81-11df-a3db-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f57bec3-ed81-11df-a3db-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f57bec3-ed81-11df-a3db-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f57bec3-ed81-11df-a3db-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f923484-68d2-11df-bdb1-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f923484-68d2-11df-bdb1-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f923484-68d2-11df-bdb1-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f923484-68d2-11df-bdb1-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f923495-68d2-11df-bdb1-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f923495-68d2-11df-bdb1-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f923495-68d2-11df-bdb1-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f923495-68d2-11df-bdb1-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e16bf-5cca-11df-81af-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e16bf-5cca-11df-81af-0016eab56a32}\ not found.
File G:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e16bf-5cca-11df-81af-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e16bf-5cca-11df-81af-0016eab56a32}\ not found.
File G:\Directx\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a6f-8c9e-11e1-8a99-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a72-8c9e-11e1-8a99-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a74-8c9e-11e1-8a99-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6130a77-8c9e-11e1-8a99-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c56844fc-6b2f-11df-bc8a-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5684501-6b2f-11df-bc8a-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5684501-6b2f-11df-bc8a-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5684501-6b2f-11df-bc8a-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5684501-6b2f-11df-bc8a-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5d3c911-6a75-11df-ba57-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5d3c911-6a75-11df-ba57-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5d3c911-6a75-11df-ba57-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5d3c911-6a75-11df-ba57-0016eab56a32}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0294904-7bd7-11e1-ad0f-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f029490c-7bd7-11e1-ad0f-0016eab56a32}\ not found.
File F:\AutoRun.exe not found.
C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\@ moved successfully.
C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L folder moved successfully.
C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U folder moved successfully.
File C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L\00000004.@ not found.
File C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000004.@ not found.
File C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000008.@ not found.
File C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\000000cb.@ not found.
File C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\80000000.@ not found.
File C:\Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\80000032.@ not found.
C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\@ moved successfully.
C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\L folder moved successfully.
C:\Users\Ich\AppData\Local\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\abhhylga.exe not found.
C:\ProgramData\jevbqauabwpmrat folder moved successfully.
C:\ProgramData\iwfszhsnlfkzepp moved successfully.
C:\Users\Ich\0.8503512116502293.exe moved successfully.
C:\ProgramData\igqwoshnmwmqvue moved successfully.
C:\ProgramData\vsvdwzjlodqmkgx moved successfully.
C:\ProgramData\yqzxeuexiaxubth moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Ich\Desktop\cmd.bat deleted successfully.
C:\Users\Ich\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ich
->Temp folder emptied: 20094559 bytes
->Temporary Internet Files folder emptied: 1123723494 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 268337826 bytes
->Flash cache emptied: 6124 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 814721 bytes
RecycleBin emptied: 25406570 bytes
 
Total Files Cleaned = 1.372,00 mb
 
 
OTL by OldTimer - Version 3.2.70.2 log created on 10062012_123119

Files\Folders moved on Reboot...
File\Folder C:\Users\Ich\AppData\Local\Temp\~DF0190FC798E183121.TMP not found!
File\Folder C:\Users\Ich\AppData\Local\Temp\~DF0EE9C111F96C27F6.TMP not found!
File\Folder C:\Users\Ich\AppData\Local\Temp\~DF23FE1B1E163F1798.TMP not found!
File\Folder C:\Users\Ich\AppData\Local\Temp\~DFB4F0BAF8DBF564A8.TMP not found!
C:\Windows\temp\flaAF79.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Und hier ist der Bericht vom MBAM:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ich :: ICH-PC [Administrator]

06.10.2012 12:53:35
mbam-log-2012-10-06 (12-53-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 332251
Laufzeit: 1 Stunde(n), 51 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Löschen bei Neustart.
C:\Windows\assembly\GAC\trz255A.tmp (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC\trzB309.tmp (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\10062012_123119\C_Users\Ich\0.8503512116502293.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\10062012_123119\C_Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\10062012_123119\C_Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000004.@ (Rootkit.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\10062012_123119\C_Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\10062012_123119\C_Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\10062012_123119\C_Windows\Installer\{a8697c05-e47a-2883-3c27-d3e290ddb5d5}\U\80000000.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Jetzt wollte ich mein Antivirus-Programm deaktivieren. Ich habe AVG drauf, es kommt aber die Fehlermeldung: "Beim Speichern der Konfiguration ist ein Fehler aufgetreten. Die angegebene Datei wurde nicht gefunden." Kann ich TDSKiller trotzdem laufen lassen oder muss ich dafür mein Antivirus-Programm deinstallieren?

kira 07.10.2012 06:53
kannst ja mit TDSSKiller von Kaspersky weiter machen

oktoberus 07.10.2012 18:32
Und hier der Bericht von Kaspersky:

Code:
11:05:44.0066 3056  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:05:44.0082 3056  ============================================================
11:05:44.0082 3056  Current date / time: 2012/10/07 11:05:44.0082
11:05:44.0082 3056  SystemInfo:
11:05:44.0082 3056 
11:05:44.0082 3056  OS Version: 6.1.7601 ServicePack: 1.0
11:05:44.0082 3056  Product type: Workstation
11:05:44.0082 3056  ComputerName: ICH-PC
11:05:44.0082 3056  UserName: Ich
11:05:44.0082 3056  Windows directory: C:\Windows
11:05:44.0082 3056  System windows directory: C:\Windows
11:05:44.0082 3056  Processor architecture: Intel x86
11:05:44.0082 3056  Number of processors: 2
11:05:44.0082 3056  Page size: 0x1000
11:05:44.0082 3056  Boot type: Normal boot
11:05:44.0082 3056  ============================================================
11:05:46.0859 3056  BG loaded
11:05:48.0161 3056  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:05:48.0171 3056  ============================================================
11:05:48.0171 3056  \Device\Harddisk0\DR0:
11:05:48.0171 3056  MBR partitions:
11:05:48.0171 3056  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE86C000
11:05:48.0171 3056  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEB5A800, BlocksNum 0xE66A800
11:05:48.0171 3056  ============================================================
11:05:48.0303 3056  C: <-> \Device\Harddisk0\DR0\Partition1
11:05:48.0699 3056  D: <-> \Device\Harddisk0\DR0\Partition2
11:05:48.0699 3056  ============================================================
11:05:48.0699 3056  Initialize success
11:05:48.0699 3056  ============================================================

kira 07.10.2012 19:25
ab Punkt 4. wie empfohlen, bitte weiter machen:-> http://www.trojaner-board.de/125183-...tml#post931167


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131